New Java and Swift SDKs for EOS Released By Block.one

Block.one, a Cayman Islands-registered firm that publishes open-source software for deploying decentralized applications (dApps) on EOS, one of the largest cryptocurrency platforms, has published a blog post in which it noted in a “very short period of time,” there has been “an explosion of innovative EOSIO web applications.”

EOSJS Downloaded Over 5,000 Times

The significant increase in the number of new apps launched may be attributed to the availability of EOSJS, which has reportedly been downloaded more than 5,000 times. As noted in Block.one’s blog, posted on May 17th, 2019, EOSJS provides JavaScript software architects with the tools required for building dApps on the EOS network.

SDK For Swift And Java Programmers

According to Block.one, native applications installed on smartphones are increasingly being used as they provide “richer, more engaging experiences” when compared to web-based apps.

In order to provide developers with the tools needed to create native mobile apps, Block.one has released two different software development kits (SDKs), one for Swift and another for Java programmers.

As mentioned in Block.one's blog, the SDKs include native APIs which may be used to interact with EOSIO blockchains. Additionally, the Swift and Java SDKs may assist developers in “creating, signing and broadcasting transactions” on the EOS mainnet.

Other features related to “handling keys and obtaining signatures” and “data serialization/deserialization” on EOS’ blockchain may also be implemented using the Swift and Java software toolkits.

EOS’ SDKs Provide “Great Deal Of Flexibility”

By allowing developers to create apps for Android and iOS using both the Swift and Java programming languages, Block.one aims to promote the development of “compelling, native EOSIO-powered experiences” for mobile phone users throughout the world.

Block.one’s latest SDKs provide “a great deal of flexibility” which has been borrowed from the EOSJS library. These new features, the software development company explained, allow developers to write programs for “a variety of use cases and environments — that of independent, interchangeable providers that plug into one core library.”

According to Block.one's blog, the core EOSIO SDK for Swift and EOSIO SDK for Java libraries may be used to “facilitate the transaction lifecycle.” They also provide “easy and idiomatic ways of creating and working with transactions, collecting the necessary signatures, and preparing and broadcasting those transactions to EOSIO nodes,” Block.one noted.

Signature Provider Feature

The software publisher also mentioned that the “Signature Provider” is one of its most “flexible provider abstractions.” The Signature Provider is used to determine which keys are available for signing and also for “requesting and obtaining the signatures required for the transaction.”

As explained in Block.one’s blog. a signature provider allows anyone requiring a signature from keys residing in the platform’s key store or “secure hardware signing element” to “configure the transaction with a signature provider that does it.” This is a useful feature because developers need not be concerned with “handling and securing a user’s private keys.”

P2P Token Trading Platform AirSwap Discloses ‘Critical Vulnerability’

Peer-to-peer trading platform AirSwap claims to have identified a "critical vulnerability" in one of its smart contracts.

Ten addresses have been identified so far as being at risk of exploitation.

Peer-to-peer token trading network AirSwap has disclosed a “critical vulnerability” in a newly released smart contract.

AirSwap's Critical Vulnerability

According to the disclosure, which was published on Sept. 13, AirSwap’s internal security team identified a potential exploit in a newly released mainnet smart contract. The vulnerability would allow an attacker to “perform a swap without requiring a signature from a counterparty.”

Our team discovered a critical vulnerability in a new AirSwap smart contract. Read on to understand the steps we’ve taken to prevent the vulnerability from being exploited, and to determine whether you need to take immediate action. https://t.co/1OWkMocWqg

AirSwap claims that the offending code was only present for twenty-four hours on the network before being identified and removed. However, users of AirSwap Instant between Sept. 11 and Sept. 12 may have been affected by the vulnerability, with the report claiming that 10 accounts have been recognized so far as being at risk.

AirSwap has published the addresses to the vulnerable accounts, telling all other users that no further action is required. The report also outlines the step-by-step actions taken by the exchange in the aftermath of discovering the vulnerability, including an apology to its client base,

We would like to deeply apologize to our affected users for any inconvenience these vulnerabilities may have caused, and hope that the important lessons we continue to learn throughout these processes form the basis for a more open, secure, and efficient trading environment.